skill-freshness
Monitors and audits skill dependencies for freshness, ensuring that downstream skills do not consume outdated data.
Install this skill
Security score
The skill-freshness skill was audited on Jun 15, 2026 and we found 21 security issues across 1 threat category, including 10 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
Template literal with variable interpolation in command context
| 7 | > **${var}** — Optional. Pass `dry-run` to skip the notification (article still writes, log still appends). Pass a single skill name to scope the audit to that one consumer (e.g. `var=tweet-allocator` |
Template literal with variable interpolation in command context
| 29 | - `articles/skill-freshness-${today}.md` — the report. |
Template literal with variable interpolation in command context
| 31 | - `memory/logs/${today}.md` — log block. |
Template literal with variable interpolation in command context
| 55 | `MISSING` only fires for **explicit** dependencies (`chains: consume:` entries + canonical `articles/{producer}-${today}.md` patterns). Implicit grep-discovered references that simply never existed ar |
Template literal with variable interpolation in command context
| 61 | - If `${var}` matches `^dry-run` → `MODE=dry-run`. Strip the prefix; remainder treated as scope override. |
Template literal with variable interpolation in command context
| 63 | - If the remaining var is a non-empty string that matches an `aeon.yml` skill key → `SCOPE=single`, `SCOPED_SKILL=$var`. If it doesn't match any key, log `SKILL_FRESHNESS_NO_MATCH: ${var} not in aeon. |
Template literal with variable interpolation in command context
| 102 | For every `articles/{producer}-${today}.md` reference (or the date-suffixed equivalent), resolve to the actual most-recent file on disk: `ls -1t articles/{producer}-*.md 2>/dev/null | head -1`. Record |
Template literal with variable interpolation in command context
| 155 | Path: `articles/skill-freshness-${today}.md`. Overwrite if exists. |
Template literal with variable interpolation in command context
| 157 | ```markdown |
Template literal with variable interpolation in command context
| 168 | | ${consumer} | `${path}` | ${class} | ${age_human} | ${severity_emoji} ${severity} | |
Template literal with variable interpolation in command context
| 177 | > **${consumer}** — depends on ${N} files; ${flagged_count} flagged. Worst: `${worst_path}` last updated ${age} ago (threshold ${threshold}h, class ${class}). The producer `${producer}` last successfu |
Template literal with variable interpolation in command context
| 180 | - `MISSING` + producer is `daily`/`weekly` → "Check `${producer}` run history with `./scripts/skill-runs --skill ${producer} --hours 168`." |
Template literal with variable interpolation in command context
| 181 | - `STALE` → "Verify `${producer}` is still on schedule; if so, the producer ran but did not write a new article." |
Template literal with variable interpolation in command context
| 186 | A one-line per consumer with verdict OK: `- ${consumer} — ${dep_count} deps, all fresh.` |
Template literal with variable interpolation in command context
| 192 | - `aeon.yml`: ${parsed_skill_count} entries, ${enabled_count} enabled |
Template literal with variable interpolation in command context
| 194 | - Explicit `chains: consume:` edges: ${explicit_count} |
Template literal with variable interpolation in command context
| 205 | ```json |
Template literal with variable interpolation in command context
| 235 | ``` |
Template literal with variable interpolation in command context
| 250 | ### 12. Log to `memory/logs/${today}.md` |
Template literal with variable interpolation in command context
| 252 | ``` |
Template literal with variable interpolation in command context
| 272 | | `SKILL_FRESHNESS_NO_MATCH` | `${var}` named a skill not in aeon.yml | No | |